Apply an Async Patch to VMware Cloud Foundation in Offline Mode

If your SDDC Manager appliance does not have a connection to the internet, you can run the Async Patch Tool from a computer that does. Download an async patch, copy the patch and the Async Patch Tool to the SDDC Manager appliance, and enable the patch. You can then use the SDDC Manager UI to apply the patch to all workload domains.
  • A Windows or Linux computer with internet connectivity (either directly or through a proxy server) for downloading the bundles.
  • The computer must have Java 8 or Java 11.
  • A Windows or Linux computer with access to the SDDC Manager appliance for uploading the bundles.
  • Refer to KB 88287 to ensure that the async patch is supported with your version of VMware Cloud Foundation. Contact VMware Support if you have questions about the available async patches and which versions of VMware Cloud Foundation support them.
  • You must have the latest version of the Async Patch Tool.
    If an existing or older version of the Async Patch Tool is present in the directory, remove its files from both the Linux or Windows computer and SDDC Manager before downloading the latest version of the Async Patch Tool.
      rm -r <AP Tool directory>
      rm -r <outputdirectory>
    The default directory is /home/vcf/apToolBundles if outputDirectory was not specified when the Async Patch Tool was previously run.
  • Configure TCP keepalive in your SSH client to prevent socket connection timeouts when using the Async Patch Tool for long-running operations.
  • The Async Patch Tool is supported with VMware Cloud Foundation 4.2.1 and later. This release also supports ESXi and VxRail Manager patching of VMware Cloud Foundation on VxRail.
  1. Download the most recent version of the Async Patch Tool to a computer that has access to the internet.
    1. Log in to the Broadcom Support Portal and browse to My Downloads > VMware Cloud Foundation.
    2. Click your current version of VMware Cloud Foundation.
    3. Click Drivers & Tools.
    4. Click the download icon for the Async Patch Tool.
  2. Extract vcf-async-patch-tool-<version>.tar.gz.
  3. Navigate to vcf-async-patch-tool-<version>/bin and confirm that you have execute permissions.
  4. Update the properties of the Async Patch Tool to support authenticated access to the VMware Depot.
  5. List the available async patches.
    1. Run the following command:
      Linux:
        ./vcf-async-patch-tool --listAsyncPatch --du broadcom_support_email
      Windows:
        vcf-async-patch-tool.bat --listAsyncPatch --du broadcom_support_email
      Replace broadcom_support_email with your Broadcom Support portal email address.
      Optionally, you can use the --sku and --productType options to filter the list of patches. See VCF Async Patch Tool Options for details.
      --outputDirectory is optional and can be used to specify a location for the download. Select a directory that has enough free space for the bundle. If you do not specify a location, the Async Patch Tool displays the default location in its output. For example: /root/apToolBundles.
      If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Enter Y or N to choose whether or not to participate in the Customer Experience Improvement Program (CEIP).
    4. Enter your Broadcom Support portal password.
    The Async Patch Tool lists all available async patches.
  6. (VxRail async patch only) Copy the VxRail async patch-specific partner bundle metadata file using KB 91830.
  7. Download the input spec for the async patch you want to apply.
  8. Download an async patch using the input spec.
    1. Run the following command:
      Linux:
        ./vcf-async-patch-tool -d -i /path/to/inputspec --du broadcom_support_email --sku sku_type --pdu dell_emc_depot_email --sddcManagerVersion current_sddc_version
      Windows:
        vcf-async-patch-tool.bat -d -i /path/to/inputspec --du broadcom_support_email --sku sku_type --pdu dell_emc_depot_email --sddcManagerVersion current_sddc_version
      • Replace /path/to/inputspec with the path to the input spec you downloaded.
      • Replace broadcom_support_email with your Broadcom Support portal email address.
      • Replace sku_type with VCF or VCF_ON_VXRAIL.
      • Replace dell_emc_depot_email with your Dell EMC Depot email address. (VxRail only)
      • Replace current_sddc_version with your current version of SDDC Manager. For example: 4.5.0.0. This is optional, but limits the number of bundles that are downloaded to only those that are applicable to your current version of SDDC Manager.
      • --outputDirectory is optional and can be used to specify a location for the download. Select a directory that has enough free space for the bundle. If you do not specify a location, the Async Patch Tool displays the default location in its output. For example: /root/apToolBundles.
      If you connect to the internet through a proxy server, use the --proxyServer, --ps option to specify the FQDN and port of the proxy server. For example, --proxyServer FQDN:port.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Enter your Broadcom Support portal password.
    4. If the product type is VX_MANAGER, enter your Dell EMC Depot user name and password. (VxRail only)
    The Async Patch Tool downloads the patch and required artifacts (for example, the LCM manifest).
  9. Copy the patch and set permissions.
    1. Copy the entire output directory (for example, apToolBundles) to the SDDC Manager appliance.
      You can select any location that has enough free space available, for example, /nfs/vmware/vcf/nfs-mount/apToolBundles.
    2. SSH in to the SDDC Manager appliance using the vcf user account.
    3. Navigate to /nfs/vmware/vcf/nfs-mount/apToolBundles.
      If you copied the output directory to a different location, navigate to that directory instead.
    4. Run the following commands:
        chmod -R 755 apToolBundles
        chown -R vcf:vcf apToolBundles
  10. Copy the Async Patch Tool to the SDDC Manager appliance and configure it for use.
    1. SSH in to the SDDC Manager appliance using the vcf user account.
    2. Create the asyncPatchTool directory.
        mkdir /home/vcf/asyncPatchTool
    3. Copy the entire contents of the Async Patch Tool directory from the computer with internet access to the /home/vcf/asyncPatchTool directory on the SDDC Manager appliance.
    4. Set the permissions for the asyncPatchTool directory.
        cd /home/vcf/
        chmod -R 755 asyncPatchTool
        chown -R vcf:vcf asyncPatchTool
  11. Copy the input spec to the SDDC Manager appliance.
  12. Enable an async patch using the input spec.
    1. Navigate to /home/vcf/asyncPatchTool/bin and run the following command:
        ./vcf-async-patch-tool -i /path/to/inputspec --sddcSSOUser SSOuser --sddcSSHUser vcf --outputDirectory bundleDirectory --it OFFLINE
      • Replace /path/to/inputspec with the path to the input spec.
      • Replace SSOuser with the management domain SSO user account, for example, administrator@vsphere.local.
      • Replace bundleDirectory with the location of the bundle directory from step 6. For example, /nfs/vmware/vcf/nfs-mount/apToolBundles.
    2. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    3. Enter Y or N to choose whether or not to participate in the Customer Experience Improvement Program (CEIP).
    4. Read the information and enter Y to acknowledge the pre-requisites.
    5. Enter the password for the super user (vcf) account.
    6. Enter the password for the root user account.
    7. Enter the password for the management domain SSO user account.
    The Async Patch Tool uploads the patch to the internal LCM repository on the SDDC Manager appliance.
  13. Log in to the SDDC Manager UI and apply the async patch to all workload domains.
    • For clusters in workload domains with vSphere Lifecycle Manager baselines, you can upgrade ESXi to the async patch version with a custom ISO from your vendor. See "Upgrade ESXi with Custom ISOs" in VMware Cloud Foundation Lifecycle Management.
    • For clusters in workload domains with vSphere Lifecycle Manager images, you can upgrade ESXi to the async patch version by following the procedure "Upgrade ESXi with vSphere Lifecycle Manager Images for VMware Cloud Foundation" in VMware Cloud Foundation Lifecycle Management.
  14. After the async patch is successfully applied, use the Async Patch Tool to deactivate the patch.
    1. SSH in to the SDDC Manager appliance using the vcf user account.
    2. Navigate to /home/vcf/asyncPatchTool/bin.
    3. Run the following command:
        ./vcf-async-patch-tool --disableAllPatches --sddcSSOUser SSOuser --sddcSSHUser vcf
      Replace SSOuser with the management domain SSO user account, for example, administrator@vsphere.local.
    4. Enter Y to confirm that you are running the latest version of the Async Patch Tool.
    5. Enter Y or N to choose whether or not to participate in the Customer Experience Improvement Program (CEIP).
    6. Enter the password for the super user (vcf) account.
    7. Enter the password for the root user account.
    8. Enter the password for the management domain SSO user account.
Starting with VMware Cloud Foundation 5.2, if you applied a vCenter Server or NSX Manager async patch to the management domain, any new workload domains that you deploy will include the patched version of vCenter Server and/or NSX Manager.

For versions of VMware Cloud Foundation earlier than 5.2, new workload domains will not include async patch versions of vCenter Server or NSX Manager. Use this procedure to apply the async patch(es) to the new workload domain.

After you update the hosts in a workload domain to an async patch version of ESXi, any new hosts that you add to the workload domain must use the async patch version of ESXi and not the version listed in the VMware Cloud Foundation BOM.
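
In the offline procedure above, the downloaded bundle directory is copied by hand from the internet-connected computer to the SDDC Manager appliance before the patch is enabled. The following added example (not part of the VMware procedure or of the Async Patch Tool) records SHA-256 hashes on the download computer and checks them on the appliance after the chmod/chown step, also flagging files that were never hashed and entries left world-writable. The manifest name TRANSFER.sha256 and both function names are assumptions, as is a Linux download computer with sha256sum available on both sides.

```sh
#!/bin/sh
# Added example: integrity check for the hand-carried bundle directory.
# MANIFEST and both function names are assumptions for illustration;
# they are not part of the Async Patch Tool.
MANIFEST="TRANSFER.sha256"

# On the internet-connected computer, after the download finishes:
# record a SHA-256 for every file under the output directory.
make_manifest() (
    cd "$1" || exit 1
    find . -type f ! -name "$MANIFEST" -exec sha256sum {} + > "$MANIFEST"
)

# On the SDDC Manager appliance, after the copy and the chmod/chown step.
# Exit status: 0 clean, 1 no manifest, 2 changed or missing file,
# 3 file set differs from the manifest, 4 world-writable entry.
verify_transfer() (
    cd "$1" || exit 1
    [ -s "$MANIFEST" ] || { echo "no manifest in $1" >&2; exit 1; }

    # Re-hash everything the manifest lists; show only the failures.
    out=$(sha256sum -c "$MANIFEST" 2>&1) ||
        { printf '%s\n' "$out" | grep -v ': OK$' >&2; exit 2; }

    # A file that was never hashed (added during transit) passes -c,
    # so compare the listed paths with what is actually on disk.
    listed=$(sed 's/^[0-9a-f]* [ *]//' "$MANIFEST" | LC_ALL=C sort)
    present=$(find . -type f ! -name "$MANIFEST" | LC_ALL=C sort)
    [ "$listed" = "$present" ] ||
        { echo "file set differs from manifest" >&2; exit 3; }

    # chmod -R 755 should leave nothing writable by other accounts.
    loose=$(find . ! -type l -perm -0002)
    [ -z "$loose" ] || { echo "world-writable: $loose" >&2; exit 4; }
)
```

Run make_manifest on the output directory before copying it and verify_transfer on the copied directory before enabling the patch. A manifest that travels on the same media as the bundles only detects corruption, so compare the manifest's own hash over a separate channel if deliberate replacement is a concern.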